9

Our network install is not the best, so I need to tell applications that communicate over SSL to ignore the certificate. Had to do the same thing with NPM, etc. So now when I run...

    $ easy_install pip
    ...
    Download error on https://pypi.python.org/simple/pip/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) -- Some packages may not be found!

So how do I turn off this validation?

P.S. I know this is a security vector but humor me.

Jackie
  • Instead of turning the certificate validation off you could check if updating the system root certificates would help – see [python easy_install fails with SSL certificate error for all packages](http://stackoverflow.com/q/21265616/95735) – Piotr Dobrogost Dec 05 '16 at 13:08

1 Answer

10

I believe your easy_install ultimately goes to setuptools, which has its SSL helper. On my Linux it was at /usr/lib/python2.7/site-packages/setuptools/ssl_support.py. There are 2 ways from there basically:

  1. I would recommend obtaining the certificate and manually adding it, you will find the locations inside the ssl_support.py. These lines caught my attention:

    cert_paths = """
    /etc/pki/tls/certs/ca-bundle.crt
    /etc/ssl/certs/ca-certificates.crt
    /usr/share/ssl/certs/ca-bundle.crt
    /usr/local/share/certs/ca-root.crt
    /etc/ssl/cert.pem
    /System/Library/OpenSSL/certs/cert.pem
    """.strip().split()
    

    Just append your certificate to any of them. See here how to obtain a certificate using openssl s_client: Using openssl to get the certificate from a server

  2. Taking the humoring a bit further, you can completely disable SSL verification in your setuptools helper. The following lines in ssl_support.py caught my attention:

    try:
      import ssl
    except ImportError:
      ssl = None
    

    I just added ssl = None after, so that:

    try:
      import ssl
    except ImportError:
      ssl = None
    
    ssl = None
    
borancar
  • 4
    Thank you, the problem itself is the cert it is the signer. My employer essentially man in the middles all https requests on their network causing all SSL validation to have trouble. Point being I am not sure I can just add the cert and have it work but I am not a security pro. – Jackie Oct 02 '15 at 15:31
  • @Jackie which solution worked for you? I am stuck on the same issue :( – Nilesh Jan 25 '18 at 21:18
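
Option 1 of the answer, as an added example that is not part of the original post: it appends a CA certificate to a bundle only when an identical certificate is not already there, and returns the SHA-256 fingerprint of what it added so the value can be compared with the one given by whoever operates the intercepting proxy. The function names are chosen here; treating the first existing entry of `cert_paths` as the bundle in use is an assumption, and the certificate bytes in `demo` are a constructed placeholder, not a real CA.

```python
import hashlib
import os
import re
import ssl
import tempfile

CERT_PATHS = """
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/certs/ca-certificates.crt
/usr/share/ssl/certs/ca-bundle.crt
/usr/local/share/certs/ca-root.crt
/etc/ssl/cert.pem
/System/Library/OpenSSL/certs/cert.pem
""".strip().split()  # bundle locations quoted in the answer
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def first_existing(paths=CERT_PATHS):
    """Assumption: the first candidate present on this machine is the one used."""
    return next((p for p in paths if os.path.isfile(p)), None)

def fingerprint(pem_block):
    """SHA-256 over the DER bytes, so PEM line wrapping does not matter."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_block)).hexdigest()

def append_ca(bundle_path, ca_pem):
    """Append certificates the bundle lacks; return the fingerprints added."""
    blocks = PEM_BLOCK.findall(ca_pem)
    if not blocks:
        raise ValueError("no PEM certificate block in input")
    added = []
    with open(bundle_path, "r+") as bundle:
        present = {fingerprint(b) for b in PEM_BLOCK.findall(bundle.read())}
        bundle.seek(0, os.SEEK_END)
        for block in blocks:
            fp = fingerprint(block)
            if fp not in present:
                bundle.write("\n" + block + "\n")
                present.add(fp)
                added.append(fp)
    return added

def demo():
    """Run twice against a scratch bundle; the bytes are a constructed placeholder."""
    ca_pem = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real CA")
    with tempfile.NamedTemporaryFile("w", suffix=".crt", delete=False) as f:
        f.write("# scratch bundle\n")
    first, second = append_ca(f.name, ca_pem), append_ca(f.name, ca_pem)
    os.unlink(f.name)
    return first, second
```

Writing to a system bundle normally needs root, and a package update can overwrite the file, so the append may have to be repeated.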